From e51705c41d8acf7a447dbdcba7b744f4b42d513c Mon Sep 17 00:00:00 2001
From: Girish Ramakrishnan <girish@cloudron.io>
Date: Fri, 17 Apr 2020 10:08:28 -0700
Subject: [PATCH] acme: request ECC certs

---
 CHANGES           | 3 +++
 src/cert/acme2.js | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/CHANGES b/CHANGES
index c6faa483e..8dc5ddada 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1912,3 +1912,6 @@
 [5.1.5]
 * Check for .well-known routes upstream as fallback. This broke nextcloud's caldav/carddav
 
+[5.2.0]
+* acme: request ECC certs
+
diff --git a/src/cert/acme2.js b/src/cert/acme2.js
index 38a4580fc..dcf7fba43 100644
--- a/src/cert/acme2.js
+++ b/src/cert/acme2.js
@@ -332,7 +332,7 @@ Acme2.prototype.createKeyAndCsr = function (hostname, callback) {
         // in some old releases, csr file was corrupt. so always regenerate it
         debug('createKeyAndCsr: reuse the key for renewal at %s', privateKeyFile);
     } else {
-        var key = safe.child_process.execSync('openssl genrsa 4096');
+        var key = safe.child_process.execSync('openssl ecparam -genkey -name secp384r1'); // openssl ecparam -list_curves
         if (!key) return callback(new BoxError(BoxError.OPENSSL_ERROR, safe.error));
         if (!safe.fs.writeFileSync(privateKeyFile, key)) return callback(new BoxError(BoxError.FS_ERROR, safe.error));